black-box
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed cloud audit logger, but it overstates log durability and can create/cache a remote database for potentially sensitive agent logs.
Install only if you are comfortable sending audit-log content to TiDB. Do not rely on it as tamper-proof or permanent compliance evidence without additional controls. Prefer your own scoped TiDB database, protect the cached DSN, avoid logging secrets, and pin dependencies before production use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could rely on these logs as tamper-proof or permanent compliance evidence when the artifacts do not show immutability, tamper evidence, deletion protection, or indefinite retention.
These strong durability and compliance assurances are not supported by the provided implementation, which creates a regular mutable table, while DESIGN.md states a 30-day TiDB Serverless retention default.
**Black Box** is an indestructible audit log for AI Agents... **Audit Trail:** Prove exactly what your agent did and why (compliance).
Describe the tool as best-effort cloud logging unless immutable/tamper-evident storage is actually implemented; document retention, access controls, and deletion/modification risks clearly.
Logs may contain sensitive prompts, command details, file paths, errors, or secrets, and retrieved log text should not be treated as trusted instructions.
The skill intentionally stores agent action/error/reasoning text persistently in a cloud database and later supports reading those logs back.
streams critical actions, errors, and reasoning chains to a persistent cloud database (TiDB Zero) in real-time
Avoid logging secrets or private reasoning, use a database you control, set retention/access policies, and treat retrieved logs as data rather than instructions.
If fallback provisioning is used, audit data may be stored in a provider-created temporary database whose ownership, access controls, and retention are not fully described in the artifacts.
When no TiDB credentials are found, the skill calls a remote provider endpoint to create a temporary database for logging.
api_url = "https://zero.tidbapi.com/v1alpha1/instances" ... cmd = ["curl", "-sS", "-X", "POST", api_url, "-H", "content-type: application/json", "-d", "{}"]Prefer explicit user-provided TiDB credentials for a database you control, and document fallback database access, ownership, and retention before relying on it.
Anyone with access to the environment variables or cached DSN may be able to read or modify the audit-log database, depending on database permissions.
The skill uses TiDB database credentials and caches a fallback connection string locally for future runs.
DSN_FILE = os.path.expanduser("~/.openclaw_black_box_dsn") ... password = os.environ.get("TIDB_PASSWORD")Use a minimally privileged TiDB user, protect the cached DSN file, rotate credentials if exposed, and avoid sharing the same credentials with unrelated systems.
Unpinned dependencies can change over time and may make behavior harder to reproduce or audit.
The dependency is not version-pinned; although no automatic install spec is provided, future installation would resolve whatever package version is current.
pymysql
Pin dependency versions and provide a lockfile or clear installation instructions.